Merge pull request #53 from DNXLabs/feature/new_private_and_public_su…

…bnetgroup

Adding creation of db Subnet Groups

README.md

@@ -60,6 +60,9 @@ module "network" {
 | attachInternetGateway | To attach or not the internet gateway within the public subnet. | `bool` | `true` | no |
 | byoip | Enable module to use your own Elastic IPs (Bring Your Own IP) | `bool` | `false` | no |
 | cf\_export\_name | Name prefix for the export resources of the cloud formation output | `string` | `""` | no |
+| create\_dbsubgroup\_private | Create Private Subgroup | `bool` | `false` | no |
+| create\_dbsubgroup\_public | Create Public Subgroup | `bool` | `false` | no |
+| create\_dbsubgroup\_secure | Create Secure Subgroup | `bool` | `true` | no |
 | eip\_allocation\_ids | User-specified primary or secondary private IP address to associate with the Elastic IP address | `list(string)` | `[]` | no |
 | enable\_firewall\_default\_rule | Enable or disable the default stateful rule. | `bool` | `true` | no |
 | firewall\_custom\_rule\_arn | The stateful rule group arn created outside the module | `list(string)` | `[]` | no |
@@ -112,7 +115,9 @@ module "network" {
 | Name | Description |
 |------|-------------|
 | cidr\_block | CIDR for VPC created |
-| db\_subnet\_group\_id | n/a |
+| db\_subnet\_group\_private\_id | n/a |
+| db\_subnet\_group\_public\_id | n/a |
+| db\_subnet\_group\_secure\_id | n/a |
 | firewall\_subnet\_cidrs | List of firewall subnet CIDRs |
 | firewall\_subnet\_ids | List of firewall subnet IDs |
 | internet\_gateway\_id | ID of Internet Gateway created |

_outputs.tf

@@ -58,8 +58,16 @@ output "nat_gateway_ids" {
   description = "List of NAT Gateway IDs"
 }
 
-output "db_subnet_group_id" {
-  value = aws_db_subnet_group.secure.id
+output "db_subnet_group_secure_id" {
+  value = aws_db_subnet_group.secure[0].id
+}
+
+output "db_subnet_group_private_id" {
+  value = aws_db_subnet_group.private[0].id
+}
+
+output "db_subnet_group_public_id" {
+  value = aws_db_subnet_group.public[0].id
 }
 
 output "public_route_table_id" {

_variables.tf

@@ -252,6 +252,24 @@ variable "enable_firewall_default_rule" {
   description = "Enable or disable the default stateful rule."
 }
 
+variable "create_dbsubgroup_secure" {
+  type        = bool
+  default     = true
+  description = "Create Secure Subgroup"
+}
+
+variable "create_dbsubgroup_public" {
+  type        = bool
+  default     = false
+  description = "Create Public Subgroup"
+}
+
+variable "create_dbsubgroup_private" {
+  type        = bool
+  default     = false
+  description = "Create Private Subgroup"
+}
+
 locals {
   kubernetes_clusters = zipmap(
     formatlist("kubernetes.io/cluster/%s", var.kubernetes_clusters),

cf-exports.tf

@@ -6,14 +6,16 @@ resource "aws_cloudformation_stack" "tf_exports" {
       "VpcId"              = aws_vpc.default.id,
       "CidrBlock"          = aws_vpc.default.cidr_block,
       "InternetGatewayId"  = aws_internet_gateway.default.id,
-      "PublicSubnetIds"    = join(",", aws_subnet.public[*].id),
-      "PublicSubnetCidrs"  = join(",", aws_subnet.public[*].cidr_block),
-      "PrivateSubnetIds"   = join(",", aws_subnet.private[*].id),
-      "PrivateSubnetCidrs" = join(",", aws_subnet.private[*].cidr_block),
-      "SecureSubnetIds"    = join(",", aws_subnet.secure[*].id),
-      "SecureSubnetCidrs"  = join(",", aws_subnet.secure[*].cidr_block),
-      "NatGatewayIds"      = var.nat ? join(",", aws_nat_gateway.nat_gw[*].id) : "undefined",
-      "DbSubnetGroupId"    = aws_db_subnet_group.secure.id
+      "PublicSubnetIds"    = join(",", aws_subnet.public.*.id),
+      "PublicSubnetCidrs"  = join(",", aws_subnet.public.*.cidr_block),
+      "PrivateSubnetIds"   = join(",", aws_subnet.private.*.id),
+      "PrivateSubnetCidrs" = join(",", aws_subnet.private.*.cidr_block),
+      "SecureSubnetIds"    = join(",", aws_subnet.secure.*.id),
+      "SecureSubnetCidrs"  = join(",", aws_subnet.secure.*.cidr_block),
+      "NatGatewayIds"      = var.nat ? join(",", aws_nat_gateway.nat_gw.*.id) : "undefined",
+      "DbSubnetGroupId"    = aws_db_subnet_group.secure[0].id,
+      "DbSubnetPrivateGroupId" = try(aws_db_subnet_group.private[0].id,"")
+      "DbSubnetPublicGroupId"  = try(aws_db_subnet_group.public[0].id,"")
     }
   })
-}
+}

db-subnet.tf

@@ -1,13 +1,45 @@
 resource "aws_db_subnet_group" "secure" {
-  name       = lower(format(local.names[var.name_pattern].db_subnet, var.name, local.name_suffix))
-  subnet_ids = aws_subnet.secure[*].id
+  count      = var.create_dbsubgroup_secure ? 1 : 0
+  name       = lower("${format(local.names[var.name_pattern].db_subnet, var.name, local.name_suffix)}-secure")
+  subnet_ids = aws_subnet.secure.*.id
 
   tags = merge(
     var.tags,
     {
-      "Name"    = format(local.names[var.name_pattern].db_subnet, var.name, local.name_suffix)
+      "Name"    = "${format(local.names[var.name_pattern].db_subnet, var.name, local.name_suffix)}-secure"
       "Scheme"  = "secure"
       "EnvName" = var.name
     },
   )
 }
+
+resource "aws_db_subnet_group" "private" {
+  count      = var.create_dbsubgroup_private ? 1 : 0
+  name       = lower("${format(local.names[var.name_pattern].db_subnet, var.name, local.name_suffix)}-private")
+  subnet_ids = aws_subnet.private.*.id
+
+  tags = merge(
+    var.tags,
+    {
+      "Name"    = "${format(local.names[var.name_pattern].db_subnet, var.name, local.name_suffix)}-private"
+      "Scheme"  = "private"
+      "EnvName" = var.name
+    },
+  )
+}
+
+resource "aws_db_subnet_group" "public" {
+  count      = var.create_dbsubgroup_public ? 1 : 0
+  name       = lower("${format(local.names[var.name_pattern].db_subnet, var.name, local.name_suffix)}-public")
+  subnet_ids = aws_subnet.public.*.id
+
+  tags = merge(
+    var.tags,
+    {
+      "Name"    = "${format(local.names[var.name_pattern].db_subnet, var.name, local.name_suffix)}-public"
+      "Scheme"  = "public"
+      "EnvName" = var.name
+    },
+  )
+}
+